Security

A look at Apple’s new, more secure 2-factor authentication in iOS 9 and El Capitan

At WWDC, Apple promised to step up security with native two-factor authentication in iOS 9 and OS X El Capitan. The feature was unavailable in the iOS 9 betas prior to beta 3.

But with today's release of iOS 9 beta 3, the new system has made its debut, with some users offered the option to upgrade their Apple ID to use the new two-factor authentication.

Here's what you need to know about this new system, how it increases your security and how it's different from Apple's existing two-step verification process.

How to make Cydia purchases with PayPal’s 2-Factor Authentication

Now that Amazon Payments is no longer an option for purchases in Cydia, users are forced to use PayPal, at least for the time being. Saurik has noted that he plans on offering an alternative to Cydia, but until that day comes, users are forced to use PayPal.

The problem with PayPal is that you cannot make a payment via Cydia if you have 2 Factor Authentication (2FA) enabled on your PayPal account. You'll simply receive an error message stating that you need to add your security key to the end of the password in order to log in. This, unfortunately, doesn't work, leaving users who haven't set up the initial auth with PayPal unable to purchase Cydia tweaks.

This issue is due to the mobile PayPal interface presented while inside Cydia. If you can bring your authorization outside of Cydia and into Mobile Safari, you can invoke the desktop interface and log in to PayPal that way. Thankfully, a new jailbreak tweak makes this easy.

TaiG 2.2.1 released with setreuid patch and stability improvements

After a false start earlier this morning with an update to its iOS 8.4 jailbreak tool, TaiG has officially released version 2.2.1.

This update is security oriented, as it contains the setreuid patch to prevent applications from obtaining root privileges through setreuid. The update also contains stability improvements. If you've yet to jailbreak your iOS 8.4 device, it is recommended that you use this latest version of TaiG's tool, version 2.2.1.

Blocked is a new security tweak that lets you limit iPhone access

Jailbreakers Nikias Bassen (Pimskeks) and Melissa Archer have teamed up for a new security-oriented jailbreak tweak called Blocked. Released at WWJC 2015, Blocked brings two new operation modes to the iPhone for enhanced security.

The two modes, SleepMode and GuestMode, each work to block access to certain features. By using Activator gestures, users can quickly and stealthily enter either mode to beef up device security.

Watch our video walkthrough inside to see how the tweak works.

Apple issues Mac App Store patch for XARA exploits as additional fixes are ‘in progress’

A cross application resource attack (XARA) that researchers at Indiana University, Georgia Tech and China’s Peking University publicized last week seems to have been partially addressed as Apple issued a server-side fix on the Mac App Store to block malicious apps and secure app data.

Additional fixes are in the works for the XARA exploits on both iOS and OS X, a company spokesperson told iMore. XARA exploits allow malicious apps to steal iCloud credentials of a user, access private data in apps like 1Password and Evernote, hijack their iCloud Keychain passwords and more.

Major security flaws leave iOS and OS X vulnerable to wide ranging password theft

Your confidential information, ranging from web passwords in Chrome and other browsers to app passwords to banking credentials stored and synced between devices through Apple's iCloud Keychain service—even data you thought was stored safely in password managers like 1Password and LastPass—can be easily compromised due to a trio of major vulnerabilities discovered in Apple's desktop and mobile operating systems.

As discovered by a team of researchers at Indiana University, Georgia Tech and China's Peking University and reported by The Register, Keychain's access control lists, URL schemes and OS X's app containers contain flaws creating serious attack vectors.

Elite Chinese hacking group ‘Keen Team’ working on iOS 9 jailbreak

Good news today for jailbreakers who are hoping to update to iOS 9 this fall. Speaking with Forbes' Thomas Fox-Brewster, Liang Chen of the elite hacking group Keen Team says they're eyeing the firmware to release their first ever jailbreak.

Right now, Chen says the team is prodding the recently released iOS 9 developer beta, and may even reach out to the well-known Pangu Team for assistance. “We want to release it just after iOS 9, that’s our plan,” he told Forbes. “It depends how lucky we are.”

Flaw in Mail for iPhone and iPad can be used to hijack your iCloud password

A serious bug in Apple's stock Mail application for iPhone, iPod touch and iPad permits attackers to fool users into providing their iCloud credentials.

Such phishing attacks can be devastating as iCloud increasingly becomes home for our digital life in the Apple universe, including our photo libraries, notes, contacts and other personal data.

The scam takes advantage of an exploit in the Mail application that makes it easy to deliver convincing-looking pop-ups resembling iCloud password prompts through a simple email message, The Register reported Wednesday.

While such emails look like they're coming from a real company, they're spoofed, and once an unsuspecting user opens them on their iPhone, iPod touch or iPad running iOS 8.3, the operating system will execute malicious HTML content embedded inside.

Activation Lock coming to Apple Watch this fall with watchOS 2 software update

Activation Lock, Apple's theft-deterrent feature available on iPhone, iPod touch and iPad devices running iOS 7 or later, will be available on the Apple Watch this fall, courtesy of the free watchOS 2 software update announced earlier this morning during the Worldwide Developers Conference keynote talk.

It was previously discovered that the Apple Watch lacks this necessary security feature to dissuade thieves due to the limitations in its software and its dependency on iPhone for network connectivity.

Tim Cook takes jabs at Google and Facebook in speech about privacy and security

Tim Cook took time out of his busy schedule yesterday to talk about privacy with folks attending EPIC's Champions of Freedom event in Washington. EPIC, a non-profit research center focused on emerging privacy issues, was honoring the CEO for his superior "corporate leadership."

Cook addressed attendees via a remote video feed, and spoke about a number of topics regarding privacy, security and what they mean to Apple versus other Silicon Valley tech giants. TechCrunch has a transcription of the speech, and he takes quite a few jabs at Facebook and Google.

Android M: Six headlining features from Google’s upcoming mobile OS update

Google's annual I/O conference is currently going on in San Francisco, and as expected, Android M, its latest update to Android, was officially unveiled. Although lots of new features will be packed in with Android M, six of those features were brought to the forefront during the beginning of the I/O keynote.

Google states that Android M is rethinking fundamental aspects of how the platform has worked for years, and focuses on polish and quality and improving the core user experience. From what we've seen thus far, we'd have to agree.

The following six areas—App Permissions, Web Experience, App Links, Android Pay, Fingerprint Support, and Power & Charging—were specially highlighted as new features for Android M. What do these new features mean for Android and the future of mobile?

IneffectivePower and Unicode Suppressor will protect jailbroken devices from the “effective power” Messages bug

There is a new bug in iOS that resprings most people's phones due to a low memory crash. It is caused by iOS's inability to render certain strings of Arabic characters, which overloads the memory, causing resprings and reboots, or safe mode on a jailbroken device. Simply explained, when someone messages you those characters and you get a banner notification, your phone starts kicking the bucket.

A few developers have stepped in and saved the day for jailbreakers. This isn't the first or second time the jailbreak community has received a security fix quicker than Apple is able to push one to stock devices. It's a great example of the argument that jailbroken iOS, in the right hands, can be more secure than stock.